NAU, UA, and ASU seek funding to implement and deploy a vulnerability scanning and management solution. Funding amount requested: $195,000.
|
|
- Jasper Stone
- 8 years ago
- Views:
Transcription
1 Technology Oversight Committee April 23, 2008 Item 5 Page 1 of 1 EXECUTIVE SUMMARY ACTION ITEM Tri-University Vulnerability Scanning/Management Solution ISSUE NAU, UA, and ASU seek funding to implement and deploy a vulnerability scanning and management solution. Funding amount requested: $195,000. BACKGROUND In April 2007, the Technology Oversight Committee hired a consultant, Moran Technology Consulting, to develop a strategic planning framework that would help the Regents and universities decide when, how, and to what degree potential IT collaborative opportunities could be pursued. The study was concluded in June 2007 with eleven initiatives defined. Three of those initiatives were selected for further review; IT Security Scanning, Open Supercomputing Services, and IT Methodologies, Processes, and Tools. On October 12, 2007, a detailed project plan for the selection and implementation of a security scanning solution was presented to ATOC and approved, of which one step was to request funding from ABOR. DISCUSSION To create an effective vulnerability scanning and management solution, this initiative will select and install the appropriate hardware and software for conducting the scans, develop methodologies and processes for staff to conduct effective scans, and provide guidance for selecting and prioritizing critical networks to scan. The ultimate goal is to provide the three universities with the tools needed to detect system and web vulnerabilities before they become exploited by intruders and reduce the risk of sensitive information loss or disruptions to the networks that support our core mission. The proposed scanning solution would allow the universities to: Gain an external intruder s point of view by scanning through network perimeters from scanners located at a sister university Take the vantage point of an attacker located on the campus network by regularly scanning their own critical networked IT assets from the inside The projected completion date is August RECOMMENDATION It is recommended that the ABOR Technology Oversight Committee approve this grant application for $195,000 from unallocated 2008 ARRO funds to support the Tri- University Vulnerability Scanning/Management Solution. CONTACTS: Michele Norin, CIO, UofA, (520) ; norin@arizona.edu Fred Estrella, CIO, NAU, (928) ; fred.estrella@nau.edu Adrian Sannier, CITO, ASU, (480) ; adrian.sannier@asu.edu
2 The Arizona Board of Regents Request for Proposals and Application Guidelines Information Technology Innovation Fund 2008 Innovation Grant Program Tri-University Vulnerability Scanning/Management Solution Arizona Board of Regents 2020 N. Central Avenue, Suite 230 Phoenix, AZ Phone: Fax:
3 ATTACHMENT A: IT INNOVATION FUND GRANT APPLICATION COVER SHEET 1. Project Title: Tri-University Vulnerability Scanning/Management Solution 2. Lead Institution/Unit: The University of Arizona 3. Amount requested: $ 195, Please check any collaborating campuses or universities: _x ASU Main (Tempe) ASU West Campus ASU Polytechnic Campus ASU Downtown Campus _x UA (Tucson) UA South _x NAU 5. List other collaborating institutions or organizations (outside the Arizona University System): 2
4 6. Briefly describe the project (50 words maximum): This initiative strives to create an effective vulnerability scanning and management solution. This involves selecting and installing the appropriate hardware and software for conducting the scans, developing methodologies and processes for staff to conduct effective scans, and providing guidance for selecting and prioritizing critical networks to scan. 7. Project Director: Name: Sylvia Johnson (UA), Harper Johnson (NAU), Scott Banks (ASU) Title: Information Security Officers Phone: Fax: Address: City/State/Zip: SIGNATURE: DATE: 8. Co-directors? [ ] Yes [ ] No (Please list contact information for co-directors, if any, on a separate sheet.) 9. Department Chair/ Unit Director/ College Dean/ Provost (may not be same as Project Director): Name: Title: Phone: Fax: Address: Michele Norin (UA), Fred Estrella (NAU), Adrian Sannier (ASU) Chief Information Technology Officers norin@arizona.edu, fred.estrella@nau.edu, adrian.sannier@asu.edu City/State/Zip: 10. Sponsored Projects Office Representative: SIGNATURE: Name: Title: Phone: Fax: Address: DATE: City/State/Zip: SIGNATURE: DATE: IT Innovation Fund Grant Program c/o Arizona Board of Regents 2020 N. Central Avenue, Suite 230 Phoenix, AZ Phone: Fax:
5 Table of Contents Introductory Material... 2 Grant Application Cover Sheet (Attachment A)... 2 Table of Contents... 4 Project Summary... 5 Proposal Narrative... 5 Description of Need or Opportunity... 5 Description of Intended Outcomes and Strategies... 6 Technical Needs... 7 Work Plan/Timeline... 8 Key Personnel... 9 Milestones, Performance Metrics, and Deliverables Evaluation Plan Budget Documents Budget Request Form (Attachment B) Budget Justification Faculty/Staff Compensation Worksheet (Attachment C) Other Attachments Project Timeline and Progress Report (Attachment D)
6 Project Summary This grant application is part of a previous project report presented to ABOR to create a shared Tri-University vulnerability scanning and management solution, which was one of the recommendations of the Moran Technology Consulting IT Collaborative Opportunities study. The proposed scanning solution would allow the three universities to: Gain an external intruder s point of view by scanning through network perimeters from scanners located at a sister university Take the vantage point of an attacker located on the campus network by regularly scanning their own critical networked IT assets from the inside To create an effective vulnerability scanning and management solution, this initiative will select and install the appropriate technologies for conducting both network system and web application scans, develop methodologies and processes for staff to conduct effective scans, and provide guidance for selecting and prioritizing critical networks to scan. The ultimate goal is to provide the three universities with the tools needed to detect system and web vulnerabilities before they become exploited by intruders and reduce the risk of sensitive information loss or disruptions to the networks that support our core mission. Proposal Narrative Part 1: Description of Need or Opportunity: Vulnerability scanning on networks is the practice of using tools to automate the detection of potential weaknesses in networked computer systems, and the process of interpreting these results to determine which vulnerabilities may be the most susceptible to being leveraged by a potential intruder. Regularly conducting vulnerability scanning (henceforth referred to as scanning ) is a critical component of an overall defense-in-depth strategy, and can establish a baseline of security exposures which an intruder can exploit. This baseline can be used in tracking on-going remediation efforts and provides guidance for Information Technology (IT) system administrators regarding security issues that need to be addressed. The significant benefits of regularly scanning each university s network include: Establishing a baseline of vulnerabilities that an intruder may exploit Providing IT system administrators with an outside view of services that they may be offering on the network Acting as a safety net for routine yet critical tasks such as patching software running on networked devices; for example, a vulnerability scan may reveal a previously overlooked critical patch that is missing Providing a certain degree of review for potentially insecure configurations Helping to comply with pertinent government or industry regulations 5
7 Discovering and addressing vulnerabilities in web applications in addition to network system vulnerabilities is also of significant and growing importance. Vulnerabilities in web applications can lead to significant data leakage, alteration of data, or even the compromise of an otherwise secure networked system. Currently, each of the three universities conducts its own network vulnerability scanning with a variety of primarily open-source tools and contracted services. Significant labor costs and effort are required to deploy those tools, making regular scanning of network vulnerabilities throughout the universities problematic. Contracted vulnerability assessment services could be eliminated if the universities owned their own vulnerability scanning solution. Collaboration among the universities to share a common vulnerability scanning solution and methodologies was a recommendation of the Moran Technology Consulting IT Collaborative Opportunities study. Some of the enhanced benefits of a scanning solution shared by the three universities include: Leveraging economies of scale to improve purchasing power and reduce the need for overlapping hardware Saving the overhead cost of developing scanning methodologies multiple times for each university independently Sharing technical expertise among security staff at the three universities to gain fresh perspectives and technical synergies Standardizing best practices for vulnerability scanning Aiding central IT to gain a more consistent, current view of the types of systems on the campus network, and providing additional insights into the type of data that may be stored on given networks Gaining the perspective of both an external intruder by scanning through network perimeters from scanners located at another university and an attacker located on the campus network At the direction of the Committee after the Moran study, the three universities assembled a working group led by The University of Arizona to explore this initiative. The group put together a report and project proposal in October 2007 for the Board outlining a plan to implement a shared Tri-U vulnerability scanning solution. Part 2: Description of Intended Outcomes and Strategies: Successful implementation of a shared vulnerability scanning infrastructure in order to realize the benefits described previously requires that three intermediary goals be accomplished: 1. Development of scanning methodologies to be implemented at all three universities 2. Selection of a scanning tool which fulfills Tri-U requirements 3. Development of prioritization criteria for network sensitivity The first goal, to create uniformly adopted scanning methodologies, is critical both for ensuring a baseline of standards for scans and for facilitating communications and technical cooperation between security staff at the three universities. Also, having the same ground rules 6
8 across the three universities will increase the value of the data both for internal security staff and for audit purposes. The second goal of selecting the right scanning tool is clearly important for maximizing the benefit that the selected product can offer while minimizing the amount of time and effort required to customize the tool to fit requirements. The third goal, to determine a set of criteria used to prioritize which networks to scan, is necessary to make efficient use of staff time spent on analyzing scan results. Security staff should spend more time and resources analyzing networks that contain resources critical to the mission and well-being of the universities. This judgment would become significantly more difficult to make without the ability to differentiate between networks. To use an extreme example, a main server in the Registrar s office should have more resources committed to analyzing its vulnerabilities than a transient laptop connected to wireless. This proposal focuses on the second goal of selecting and acquiring the right scanning tool. After reviewing practices at other universities and going over Gartner recommendations, an RFI was issued to determine marketscope. Summarizing briefly, the RFI reflected requirements collected by the working group during Phase 1 of the project, and covered 19 major points ranging from technical quality of scans to compliance reporting to training support offered by the vendor. A virtualized lab environment was created at the University of Arizona which contained both systems that were well protected and systems that had known vulnerabilities, and products participating in the RFI were tested first in this isolated lab environment. After initial testing, scans of other network segments were collected to review results against a larger sample size. Also during testing, the working group concluded that none of the leading network vulnerability scanners have a sufficiently mature web scanning functionality bundled in, and that a standalone web app scanner would be necessary to have the desired results. The addition of an automated penetration testing tool to the suite will also assist in the verification of vulnerabilities discovered. Based on the information gathered during the RFI, the working group proposes a suite consisting of (1) a network vulnerability scanning/management solution, (2) a web application vulnerability scanning solution, and (3) an automated penetration testing tool. Some of the tools covered during the exploratory process include the same solutions used by the Auditor General s Office. The web application vulnerability scanning solution was not part of the Moran report, but it bears repeating that it is considered by the working group to be very important and would provide a means of addressing an expanding source of vulnerabilities. Part 3: Technical Needs: Both the web application vulnerability scanning solution and the automated penetration testing tool are software based solutions, which will require the implementation of servers with the likely reliance on virtualization in order to decrease costs and maintenance. The technical needs to implement the network vulnerability scanning/management solution will depend on the solution chosen. As an example, certain vendors provide blackbox scanning appliances and complete hosted management services, whereas other vendors require hardware 7
9 to be provided for their solution. The specifics of the technical needs will be pending the vendor selection at the conclusion of the RFP. Part 4: Work Plan/Timeline: The work plan and timeline chart below has excluded resources and personnel as well as personnel hours, as these items will vary greatly depending on the vulnerability scanning solution chosen. For example, certain vendors offer turnkey solutions whereas others require or allow significant customization. Another example is the training of systems administrators some vendors offer regular vendor-led training as part of their total cost, whereas for others more University staff time will need to be dedicated for training. Work Plan/Timeline Chart: Schedule Aug Sep 2007 (Done) Project Phase/ Key Milestone Phase 1: Conduct requirements analysis and obtain project approval. Checkpoint 1: Present report to ABOR analyzing costs and benefits Tasks and Activities Resou rces and Perso nnel Perso nnel Hours Identify members of Tri-U working group and organize Begin conducting market survey of vulnerability scanning service offered by peer universities and tools used Begin identifying initial requirements from working group representatives Determine criteria for priority of networks to scan (PCI, student data, credit card transactions, network backbone networks, DNS, etc?). List gathered by Tri-U effort Each university determines which of their networks (IP ranges) match which of the above defined criteria. Review if classification of data and network criticality brings up additional technical requirements not identified earlier Oct Dec 2007 (Done) Phase 2: Define network sensitivity standards and determine priority of networks to scan based on sensitivity standards. Examine need for additional requirements after network identification. Checkpoint 2: Face to face meeting for working group participants to review requirements in person and discuss progress. Dec Jan 2008 (Done) Jan Mar 2008 Phase 3: Develop product evaluation criteria based on requirements gathered. Concurrently, develop high level methodologies for conducting scans both internally and of a sister university. Checkpoint 3: Review developed product evaluation criteria and methodologies Phase 4: Conduct market survey of scanning products Determine product evaluation criteria for selecting a scanning product based on requirements Develop high-level, technology-independent methodologies for security staff to conduct scans of another university, in terms of notification, scanning process and handling the results Develop suggested methodologies for security staff to conduct scans of their own critical networks Conduct market survey of vulnerability scanner vendors 8
10 (Done) Apr Jun 2008 Jun Jul 2008 Jul 2008-mid Aug 2008 Checkpoint 4: In person or web meeting for working group participants to review RFI results Phase 4b: Issue RFP for vulnerability scanning solution, and acquire most suitable solution available Checkpoint 4b: Acquire solution or suite of solutions to meet TriU needs Phase 5: Obtain and set up site(s) for vulnerability scanner selected. Develop key performance indicators (KPIs) for production system. Define scanner specific processes to supplement previously defined high-level methodologies. Start production pilot after initial training for security staff. Checkpoint 5: In person meeting to compare pilot project results against predetermined KPIs and assess lessons learned from pilot. Phase 6: Make necessary modifications from pilot results versus KPIs and conduct final kickoff training. Begin implementation of regular, full scale scanning. Checkpoint 6: In person meeting with working group to discuss next steps and follow-up. Draft and send out RFI using requirements defined in Phases 1 and 2 above Draft and send out RFP Conduct test of select products against established product evaluation criteria Demo top product(s) to Tri-U working group for feedback and conclude solution selection Develop proposed deployment design for selected scanner Submit test results, deployment design, and recommendation for top product to ABOR pending funding Develop Key Performance Indicators (KPIs) for production system. This is different from the product evaluation criteria developed previously as it accounts for strengths and weaknesses of the actual scanner system being implemented Set up hardware/network infrastructure for scanner system Develop specific detailed technology-based scanning procedures tailored to the selected tool to supplement previously defined highlevel methodologies Conduct first training session for security staff from all three Universities Initiate pilot scanning program involving small, closely monitored network ranges Make modifications based on lessons learned from pilot program. Repeat previous steps if necessary Conduct final kickoff training session for security staff conducting the scan Begin internal training and advertising campaign for systems administrators Implement regular, full scale scanning 9
11 Part 5: Key Personnel: Harper Johnson Director NAU ITS Information Security Gwen Ceylon Sr. Information Security Analyst NAU ITS Information Security Greg Wilson Systems Analyst, Principal ASU UTO Ops Systems and Security Jeremy Glassman Network Systems Analyst, Graduate Assistant UA UITS Security Operations Laura Corcoran Network Systems Analyst, Senior UA UITS Security Operations Abraham Kuo Network Systems Analyst, Principal UA UITS Security Operations Sylvia Johnson UA University Information Security Officer Part 6: Milestones, Performance Measures, and Deliverables: Phase and Checkpoint 1: (Scheduled for Sep 2007, Done) Conduct requirements analysis on project, and obtain project approval. Checkpoint 1 is to present report to ABOR analyzing costs and benefits regarding overall Tri-U Vulnerability Scanning/Management Infrastructure collaboration and project. Phase and Checkpoint 2: (Scheduled for Nov 2007, Done) Define network sensitivity standards and priority of networks to scan based on sensitivity standards. Examine additional requirements which may have surfaced after network identification. Checkpoint 2 is to review requirements collection from Phase 1 in person and discuss progress. Phase and Checkpoint 3: (Scheduled for Jan 2008, Done) Develop product evaluation criteria. Checkpoint 3 is to meet and review developed product evaluation criteria and methodologies Phase and Checkpoint 4: (Scheduled for Mar 2008, Done) Conduct market survey (RFI) of scanning products, demo and compare top products using pre-defined product evaluation criteria. Checkpoint 4 is to meet to review market survey. Phase and Checkpoint 4b: (Scheduled for Jun 2008) Conduct RFP for vulnerability scanning/management solutions using previously defined metrics. Checkpoint 4b is to have acquired a solution that meets the TriU needs. The conclusion of Checkpoint 4b will also include the generation of the Reimbursement Report. Phase and Checkpoint 5: (Scheduled for Jul 2008) Develop key performance indicators for the deployment of the solution selected, and implement the scanning 10
12 procedures in a pilot production network. Checkpoint 5 is to meet to compare pilot project results against pre-determined KPIs and assess lessons learned from pilot. Phase and Checkpoint 6: (Scheduled for mid August 2008) Finalize training for security staff, begin mass adoption of scanning solution and methodology, and begin advertising and training campaign for systems administrators. Checkpoint 6 concludes with a meeting with the working group to review progress, discuss any next steps, and generate the Interim Progress Report. The Final Project/Financial Report is proposed to be submitted in July of 2009, roughly one year after the initial implementation of the vulnerability scanning/management solution. Part 7: Evaluation Plan: The fundamental success of this project revolves around the detection and remediation of vulnerabilities on critical networks. As such, the success of the project should be measured by how accurate, how precise, and how actionable the information gathered is. In the near term, trending should be kept for critical networks on how many of the vulnerabilities detected were high priority, how many were actionable and quickly remediated, and how many were either false positives or had other compensating measures reducing the exposure caused by the vulnerability. 11
13 ATTACHMENT B: BUDGET REQUEST FORM Lead Institution: Project Title: University of Arizona Tri-University Vulnerability Scanning/Management Solution Project Director: AMOUNT REQUESTED: Match Amount: Source of Match: 1. PERSONNEL COSTS (List names/titles separately) 0.00 A. Key Personnel (Faculty & Staff) Salaries (itemize): 0.00 B. Support Personnel (Clerical, Assistants, etc.) Salaries (itemize): 0.00 C. Key Personnel Fringe Benefits (ERE) 0.00 D. Support Personnel Fringe Benefits (ERE) TOTAL PERSONNEL COSTS: 2. PROFESSIONAL/OUTSIDE SERVICES (itemize): STAFF TRAVEL: COMMUNICATIONS: MATERIALS & SUPPLIES: 195, OTHER OPERATING EXPENDITURES: SUBTOTAL (TOTAL DIRECT COSTS) 195, INDIRECT COSTS (Max. 8% of subtotal costs) 2 9. TOTAL COSTS 195, Matching and/or supporting funds, while not required, will be considered positively in reviewing the proposal. 2 Indirect and overhead funds may be included as part of the match, but may not be included in the amount requested. PARTNERSHIP DISTRIBUTION: If multiple universities/campuses will be partnering, please use the following table to list the amount of grant funds that each participating university/campus will require: University/Campus: Amount Requested: 12
14 Budget Justification Network Vulnerability Scanning/Management Solution $120,000 Web Application Vulnerability Scanning Tool $48,000 Vulnerability Penetration Testing Tool $27,000 Total cost $195,000 The range of costs varies considerably for the network vulnerability scanning solutions tested by the working group. As a result, the actual initial first year costs may be considerably less than the maximum cost expressed above. 13
15 ATTACHMENT C: IT Innovation Fund Grant Faculty/Staff Compensation Detail Worksheet Proposal Title: Proposal Number: Universities: Worksheet Completed By: Date Submitted to ABOR: Tri-University Vulnerability Scanning/Management Solution Northern Arizona University, Arizona State University, The University of Arizona Name: Abraham Kuo Phone: (520) Name of Faculty or Staff Member ASU/NAU/UA staff State- Funded Part- Time? Y or N State- Funded Full- Time? Y or N 9-mo. or 12- mo.? Brief description of grant-funded task(s) to be performed: No grant funding will be applied towards staff time and labor costs Time frame of grant-funded task(s) to be performed: Start End Amount of grant budget request (with detailed calculations): Time contribution contingent upon product selection PLEASE NOTE: If your request to ABOR includes compensation for course release for a full-time faculty, you must submit a letter signed by the Department head stating that the course release has been authorized by the Department, under one of the two following conditions: If the faculty s course load and salary have both been reduced, ABOR will consider a request to compensate the faculty for project-related work up to the amount of the salary reduction. If the faculty s course load has been reduced with no reduction in salary, ABOR will consider a request to pay for replacement (part-time) instructors. 14
16 ATTACHMENT D: IT INNOVATION FUND GRANT PROJECT TIMELINE AND PROGRESS REPORT Reporting Period: From Through Project #: Project Name: Institution: Tri-University Vulnerability Scanning/Management Solution PI Name: PI Phone: PI Key Milestones, Performance Measures, and/or Deliverables (from original proposal): Target Date Status:* Progress During This Time Period/Notes/Explanations Phase 4b: RFP and solution selection. Present Reimbursement Report Phase 5: Solution-specific process development and pilot deployment Phase 6: General implementation w/ focus on critical networks. Present Interim Progress Report Final report and one year later followup Jun 08 Jul 08 Aug 08 July 09 If appropriate, please attach a brief description and explanation of any planned modifications to the original project timeline, budget, or work plan. PI Signature Date *For Status, enter: 1 = Ahead of schedule 2 = On track to meet schedule 3 = Behind schedule 15
Project Update December 2, 2008 2008 Innovation Grant Program
Tri-University Vulnerability Scanning/Management Solution Project Update December 2, 2008 2008 Innovation Grant Program 1 Project Summary This grant application is part of a previous project report presented
More informationOutlookSoft Budget & Planning Software (Business Performance Management System)
Page 1 of 6 EXECUTIVE SUMMARY ACTION ITEM: OutlookSoft Budget & Planning Software (Business Performance Management System) ISSUE: NAU seeks the Board s approval to purchase and implement a Business Performance
More informationArizona State University Fiscal Year 2009 IT Risk Assessment Methodology Prepared for the January 22, 2009 Audit Committee Meeting
Arizona State University Fiscal Year 2009 IT Risk Assessment Methodology Prepared for the January 22, 2009 Audit Committee Meeting This document provides an overview of the methodology used by ASU University
More informationEnterprise Projects Fiscal Year 2011/2012 Third Quarter Report
Enterprise Projects Fiscal Year 2011/2012 Third Quarter Report Enterprise Projects Fiscal Year 2011/2012 Third Quarter Report The Enterprise Program Investment Council (EPIC) is responsible for governance
More informationSNS Funding and IT Strategic Plan
FY 07-08 IT Budget Proposal IST: Systems & Network Security (SNS) ABBA Category One: Institutional Effectiveness ABBA Category Two: Information Technology For more information about this proposal, contact:
More informationInformation Technology Security Review April 16, 2012
Information Technology Security Review April 16, 2012 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing
More informationContinuous compliance through good governance
PCI DSS Compliance: A step into the payment ecosystem and Nets compliance program Continuous compliance through good governance Who are the PCI SSC? The Payment Card Industry Security Standard Council
More informationVulnerability Threat Management
Vulnerability Threat Management Project Proposal Form Project Title Vulnerability Threat Management Agency/Entity Security Architecture Work Group Form Version: 20070910 Notes about this form: 1. USE.
More informationWEB APPLICATION SECURITY TESTING GUIDELINES
WEB APPLICATION SECURITY TESTING GUIDELINES 1 These guidelines were developed to support the Web Application Security Standard. Please refer to this standard for additional information and/or clarification
More informationNETWORK PENETRATION TESTING
Tim West Consulting 6807 Wicklow St. Arlington, TX 76002 817-228-3420 Twest@timwestconsulting.com OVERVIEW Tim West Consulting Tim West Consulting is a full service IT security and support firm that specializes
More informationCompany A Project Plan
Company A Project Plan Project Name: Close Optimization Project Example Prepared By: David Done - Project Manager Title: John Doe -Project Manager Date: March 17, 2011 Project Plan Approval Signatures
More informationGTA Board of Directors September 4, 2014
GTA Board of Directors September 4, 2014 Our Strategic Vision Our Mission A transparent, integrated enterprise where technology decisions are made with the citizen in mind To provide technology leadership
More informationAT&T Global Network Client for Windows Product Support Matrix January 29, 2015
AT&T Global Network Client for Windows Product Support Matrix January 29, 2015 Product Support Matrix Following is the Product Support Matrix for the AT&T Global Network Client. See the AT&T Global Network
More informationAppendix B California Health Benefits Exchange Level I Establishment Grant Application Budget and Budget Narrative
Appendix B California Health Benefits Exchange Level I Establishment Grant Application Budget and Budget Narrative Budget Narrative Salary and Wages (Does not include IT Exchange Program positions) Total:
More informationSTATE OF ARIZONA Department of Revenue
STATE OF ARIZONA Department of Revenue Douglas A. Ducey Governor September 25, 2015 David Raber Director Debra K. Davenport, CPA Auditor General Office of the Auditor General 2910 North 44 th Street, Suite
More informationAppalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2
Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationUniversity of Wisconsin System Strategic Initiatives
University of Wisconsin System Strategic Initiatives April 27,2015 Sasi K. Pillay UWSA CIO 1 Principles Mission Enablement Reduction of Risk Cost-effective Operations 2 The Four Tenets A. Elevate the Professionalism
More informationQ&A ADDENDUM FOR INFORMATION SECURITY VULNERABILITY ASSESSMENT PUBLISHED 10/20/2015
Q&A ADDENDUM FOR INFORMATION SECURITY VULNERABILITY ASSESSMENT PUBLISHED 10/20/2015 UPDATE HISTORY: 10/21/2015 10/30/2015 11/5/2015 Questions submitted by Proposers All proposers should reference the following
More informationCORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT
CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT How advancements in automated security testing software empower organizations to continuously measure information
More informationInteractive Television (ITV) System Upgrade Project
Page 1 of 7 EXECUTIVE SUMMARY ACTION ITEM: Interactive Television (ITV) System Upgrade Project ISSUE: NAU seeks the Board s approval to upgrade its Interactive Television (ITV) System. Distance Learning
More informationAccenture Cyber Security Transformation. October 2015
Accenture Cyber Security Transformation October 2015 Today s Presenter Antti Ropponen, Nordic Cyber Defense Domain Lead Accenture Nordics Antti is a leading consultant in Accenture's security consulting
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,
More informationSTATE OF NEW JERSEY IT CIRCULAR
NJ Office of Information Technology P.O. Box 212 www.nj.gov/it/ps/ Chris Christie, Governor 300 River View E. Steven Emanuel, Chief Information Officer Trenton, NJ 08625-0212 STATE OF NEW JERSEY IT CIRCULAR
More informationNYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011
NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011 Executive Summary BACKGROUND The NYS Local Government Vulnerability Scanning Project was funded by a U.S. Department of Homeland Security
More informationHow To Implement Itil V3
2009 NMCI Conference: Implementing ITIL Session 1: ITSM Process ITSM COE Agenda Background ITSM Overview ITIL and Service Delivery Adopting ITIL to NGEN SE&I Activities 2 Background Develop Government
More informationCommittee of the Whole. January 22, 2014
Committee of the Whole January 22, 2014 Drivers for 2003 IT Outsourcing Cost savings - privatization model ($2- $3MM/year) Cost avoidance Data center lease with County expiring ($3.5MM) Disaster recovery
More informationPCI-DSS Penetration Testing
PCI-DSS Penetration Testing Adam Goslin, Co-Founder High Bit Security May 10, 2011 About High Bit Security High Bit helps companies obtain or maintain their PCI compliance (Level 1 through Level 4 compliance)
More informationintegrate 2: Business Process Redesign
Nevada System of Higher Education integrate 2: Business Process Redesign Executive Summary TABLE OF CONTENTS I. BACKGROUND AND OBJECTIVES 2 II. METHODOLOGY AND APPROACH 3 III. PROJECT OUTCOMES 5 IV. MAJOR
More informationCOMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*
COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) 2 Fixed Rates Variable Rates FIXED RATES OF THE PAST 25 YEARS AVERAGE RESIDENTIAL MORTGAGE LENDING RATE - 5 YEAR* (Per cent) Year Jan Feb Mar Apr May Jun
More informationCOMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*
COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) 2 Fixed Rates Variable Rates FIXED RATES OF THE PAST 25 YEARS AVERAGE RESIDENTIAL MORTGAGE LENDING RATE - 5 YEAR* (Per cent) Year Jan Feb Mar Apr May Jun
More informationExecutive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:
Executive Summary Texas state law requires that each state agency, including Institutions of Higher Education, have in place an Program (ISP) that is approved by the head of the institution. 1 Governance
More informationManaging Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services
Managing Vulnerabilities for PCI Compliance White Paper Christopher S. Harper Managing Director, Agio Security Services PCI STRATEGY Settling on a PCI vulnerability management strategy is sometimes a difficult
More informationARIZONA STATE UNIVERSITY W. P. CAREY SCHOOL OF BUSINESS BUSINESS INFORMATION TECHNOLOGY
ARIZONA STATE UNIVERSITY W. P. CAREY SCHOOL OF BUSINESS BUSINESS INFORMATION TECHNOLOGY Audit Report No. ASU 04 04 June 30, 2004 Arizona Board of Regents Audit Services 2020 N. Central Avenue, Suite 230
More informationOPTIMIZING THE USE OF VHA s FEE BASIS CLAIMS SYSTEM (FBCS)
VA-CASE VISN 11 VA Center for Applied Systems Engineering OPTIMIZING THE USE OF VHA s FEE BASIS CLAIMS SYSTEM (FBCS) The Fee Basis Claims System (FBCS) Optimization initiative aims to improve, standardize,
More information2011 Forrester Research, Inc. Reproduction Prohibited
1 2011 Forrester Research, Inc. Reproduction Prohibited Information Security Metrics Present Information that Matters to the Business Ed Ferrara, Principal Research Analyst July 12, 2011 2 2009 2011 Forrester
More informationWhat is Penetration Testing?
White Paper What is Penetration Testing? An Introduction for IT Managers What Is Penetration Testing? Penetration testing is the process of identifying security gaps in your IT infrastructure by mimicking
More informationTECHNOLOGY SOLUTIONS FOR THE INTERNAL AUDITOR
TECHNOLOGY SOLUTIONS FOR THE INTERNAL AUDITOR (BUY VS BUILD) APRIL 17, 2015 LEVERAGING TECHNOLOGY FOR AUDIT Utilizing Software to Administrate Audit Process 40% 35% 30% 37% Tools Leveraged 32% 36% Yes
More informationGoals. Understanding security testing
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
More informationProgram Lifecycle Methodology Version 1.7
Version 1.7 March 30, 2011 REVISION HISTORY VERSION NO. DATE DESCRIPTION AUTHOR 1.0 Initial Draft Hkelley 1.2 10/22/08 Updated with feedback Hkelley 1.3 1/7/2009 Copy edited Kevans 1.4 4/22/2010 Updated
More informationBest Practices Statement Project Management. Best Practices for Managing State Information Technology Projects
State of Arkansas Office of Information Technology 124 W. Capitol Ave. Suite 990 Little Rock, AR 72201 501.682.4300 Voice 501.682.4020 Fax http://www.cio.arkansas.gov/techarch Best Practices Statement
More informationAUDIT REPORT. Cybersecurity Controls Over a Major National Nuclear Security Administration Information System
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT Cybersecurity Controls Over a Major National Nuclear Security Administration Information System DOE/IG-0938
More informationBusiness Idea Development Product production Services. Development Project. Software project management
Page 1, 1/20/2003 Ivica Crnkovic Mälardalen University Department of Computer Engineering ivica.crnkovic@mdh.se Development Project Product Lifecycle Business Idea Development Product production Services
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationOffice of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget
Office of the Auditor General Performance Audit Report Statewide UNIX Security Controls Department of Technology, Management, and Budget December 2015 State of Michigan Auditor General Doug A. Ringler,
More informationWHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION
WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION Table of Contents Executive Summary...3 Vulnerability Scanners Alone Are Not Enough...3 Real-Time Change Configuration Notification is the
More informationProject Execution - PM Elements
Performance Initial Release 1. Introduction to Project Tracking and Reviewing Once a project has advanced to the phase of performance, the consistent and constant flow of information on the true status
More informationCompleted and Current Projects
Completed and Current Projects This project list is updated regularly with the current status of each project and the milestones that have been achieved. You can see the latest information on each project
More informationNetwork Marketing Strategy - Overview of the Colorado Cyber Security Program
COLORADO S CYBERSECURITY ASSESSMENT APPROACH Matt Devlin, CISA, CISM Deputy State Auditor September 30, 2014 Overview Colorado OSA and IT Audit Background State of Colorado IT and InfoSec Organizational
More informationAudit Follow-up: Mobile Computing Security
Audit Follow-up: Mobile Computing Security September 2015 FY15 - #07 Submitted to: Michele L. Norin, Vice President for Information Technology and Chief Information Officer Derek A. Masseth, Senior Director,
More informationDeep Security Vulnerability Protection Summary
Deep Security Vulnerability Protection Summary Trend Micro, Incorporated This documents outlines the process behind rules creation and answers common questions about vulnerability coverage for Deep Security
More informationASU Web Application Security Standard
ASU Web Application Security Standard Spring 2014 2 1 PURPOSE This standard seeks to improve the security of ASU Web applications by addressing the following: Threat modeling and security testing Web application
More informationCost effective methods of test environment management. Prabhu Meruga Director - Solution Engineering 16 th July SCQAA Irvine, CA
Cost effective methods of test environment management Prabhu Meruga Director - Solution Engineering 16 th July SCQAA Irvine, CA 2013 Agenda Basic complexity Dynamic needs for test environments Traditional
More informationUNIVERSITY OF CENTRAL ARKANSAS PURCHASING OFFICE 2125 COLLEGE AVENUE SUITE 2 CONWAY, AR 72034
UNIVERSITY OF CENTRAL ARKANSAS PURCHASING OFFICE 2125 COLLEGE AVENUE SUITE 2 CONWAY, AR 72034 REQUEST FOR PROPOSAL Information Technology Security Audit RFP#UCA-15-072 PROPOSALS MUST BE RECEIVED BEFORE:
More informationOhio Supercomputer Center
Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationFull Grant Proposal Library Services and Technology Act FFY 2009
Appendix E Full Grant Proposal Library Services and Technology Act FFY 2009 This form is available for download on our web site via: http://www.oregon.gov/osl/ld/grantmainalt.shtml. Use 12 point Times
More informationRelease of the Draft Cybersecurity Procurement Language for Energy Delivery Systems
Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems Energy Sector Control Systems Working Group Supporting the Electricity Sector Coordinating Council, Oil & Natural Gas
More informationC. HIRING PROCESS FOR FACULTY AND ACADEMIC PROFESSIONALS
C. HIRING PROCESS FOR FACULTY AND ACADEMIC PROFESSIONALS This document details the process for hiring faculty and academic professionals. Under the process, deans have the discretion to delegate approval
More informationHow to Prepare for a Data Breach
IT Forum How to Prepare for a Data Breach Expediting Response and Minimizing Losses Presentation for SURA IT Committee November 5,,2014 Laura Whitaker, Senior Research Director eab.com Getting to Know
More informationCautela Labs Cloud Agile. Secured.
Cautela Labs Cloud Agile. Secured. Vulnerability Management Scanning and Assessment Service Vulnerability Management Services New network, application and database vulnerabilities emerge every day. Because
More informationUF IT Risk Assessment Standard
UF IT Risk Assessment Standard Authority This standard was enacted by the UF Senior Vice President for Administration and the UF Interim Chief Information Officer on July 10, 2008 [7]. It was approved
More informationPatch Management Policy
Patch Management Policy L2-POL-12 Version No :1.0 Revision History REVISION DATE PREPARED BY APPROVED BY DESCRIPTION Original 1.0 2-Apr-2015 Process Owner Management Representative Initial Version No.:
More informationPROJECT MANAGEMENT PLAN <PROJECT NAME>
PROJECT MANAGEMENT PLAN TEMPLATE This Project Management Plan Template is free for you to copy and use on your project and within your organization. We hope that you find this template useful and welcome
More informationRedhawk Network Security, LLC 62958 Layton Ave., Suite One, Bend, OR 97701 sales@redhawksecurity.com 866-605- 6328 www.redhawksecurity.
Planning Guide for Penetration Testing John Pelley, CISSP, ISSAP, MBCI Long seen as a Payment Card Industry (PCI) best practice, penetration testing has become a requirement for PCI 3.1 effective July
More informationProject title (in Chinese) 項 目
II Project Information Project title (in English) Project title (in Chinese) HKCAAVQ IT Infrastructure Development 香 港 學 術 及 職 業 資 歷 評 審 局 資 訊 系 統 基 建 發 展 Project 項 目 Project summary (Please provide an
More informationManaging Open Source Code Best Practices
Managing Open Source Code Best Practices September 24, 2008 Agenda Welcome and Introduction Eran Strod Open Source Best Practices Hal Hearst Questions & Answers Next Steps About Black Duck Software Accelerate
More informationProject Management Plan for
Project Management Plan for [Project ID] Prepared by: Date: [Name], Project Manager Approved by: Date: [Name], Project Sponsor Approved by: Date: [Name], Executive Manager Table of Contents Project Summary...
More informationCurrent IBAT Endorsed Services
Current IBAT Endorsed Services Managed Network Intrusion Prevention and Detection Service SecureWorks provides proactive management and real-time security event monitoring and analysis across your network
More informationUniversity of Oregon Information Technology Risk Assessment. December 2, 2015
December 2, 2015 Table of Contents EXECUTIVE SUMMARY... 3 BACKGROUND... 3 APPROACH... 4 IT UNITS... 5 NOTED STRENGTHS... 5 THEMES... 6 IT RISKS... 11 IT RISKS DESCRIPTIONS... 12 APPENDIX A: BAKER TILLY
More informationSeven Practical Steps to Delivering More Secure Software. January 2011
Seven Practical Steps to Delivering More Secure Software January 2011 Table of Contents Actions You Can Take Today 3 Delivering More Secure Code: The Seven Steps 4 Step 1: Quick Evaluation and Plan 5 Step
More informationEnterprise Projects Fiscal Year 2009/2010 Third Quarter Report
Enterprise Projects Fiscal Year 2009/2010 Third Quarter Report Enterprise Projects Fiscal Year 2009/2010 - Third Quarter Report The Enterprise Program Investment Council (EPIC) is responsible for governance
More informationProject Delays Prevent EPA from Implementing an Agency-wide Information Security Vulnerability Management Program
U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Audit Report Catalyst for Improving the Environment Project Delays Prevent EPA from Implementing an Agency-wide Information Security Vulnerability
More informationSTATEMENT OF WORK (SOW) for CYBER VULNERABILITY ASSESSMENT
1.0 Introduction UTILITIES desires to contract with a CONTRACTOR to conduct an in-depth cyber vulnerability assessment and physical penetration vulnerability assessment of our IT Infrastructure as outlined
More informationASU Payroll Audit Number 07-01 April 2007
Audit Number 07-01 April 2007 University Audit and Advisory Services EXECUTIVE SUMMARY Scope and Objective During fiscal year ended June 30, 2006, Arizona State University (ASU) paid over 6,500 employees
More informationManaged Service Solutions Catalogue. MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014
Managed Service Solutions Catalogue MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014 1 MANAGED SERVICES SOLUTIONS CATALOGUE Managed Services Solutions Catalogue Managed Service Solutions
More informationcase study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME:
The Computerworld Honors Program Summary developed the first comprehensive penetration testing product for accurately identifying and exploiting specific network vulnerabilities. Until recently, organizations
More informationNational Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2. Exit Conference...
NEA OIG Report No. R-13-03 Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning to detect vulnerabilities... 2 Area
More informationManaged Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?
Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security
More informationHow To Audit Telecommunication Services And Enterprise Security
EXECUTIVE DIGEST TELECOMMUNICATION SERVICES AND ENTERPRISE SECURITY INTRODUCTION This report, issued in March 2002, contains the results of our performance audit* of Telecommunication Services and Enterprise
More informationAPPLICATION ANNUAL WORK PLAN (ONE OBJECTIVE PER PAGE)
GOVERNANCE Objective 1A Ensure program success through effective governance structures. The successful applicant will be required to work with a representative advisory group developed in consultation
More informationAUTOMATED PENETRATION TESTING PRODUCTS
AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for automated penetration testing software and demonstrate
More informationManaging Projects with Practical Software & Systems Measurement PSM
Managing Projects with Practical Software & Systems Measurement PSM Mauricio Aguiar PSM Qualified Instructor TI Métricas Ltda. Av. Rio Branco 181/1910 Rio de Janeiro, RJ Brazil 20040-007 www.metricas.com.br
More informationPurchased Services Areas of Opportunity:
Purchased Services Areas of Opportunity: How Texas Children's Hospital Achieved Significant Cost Savings For Its Contract Staffing Purchased Services Presented by Edward M. Lewis, C.P.M., CMRP Supply Chain
More informationComputing & Telecommunications Services Monthly Report March 2015
March 215 Monthly Report Computing & Telecommunications Services Monthly Report March 215 CaTS Help Desk (937) 775-4827 1-888-775-4827 25 Library Annex helpdesk@wright.edu www.wright.edu/cats/ Last Modified
More informationManagement (CSM) Capability
CDM Configuration Settings Management (CSM) Capability Department of Homeland Security National Cyber Security Division Federal Network Security Network & Infrastructure Security Table of Contents 1 PURPOSE
More informationHealthcare Security Vulnerabilities. Adam Goslin Chief Operations Officer High Bit Security
Healthcare Security Vulnerabilities Adam Goslin Chief Operations Officer High Bit Security Webinar Overview IT Security and Data Loss Breach Sources / Additional Information Recent Medical Breach / Loss
More informationAsset management guidelines
Asset management guidelines 1 IT asset management (ITAM) overview Objective Provide a single, integrated view of agency assets in order to allow agencies to identify the asset location and assess the potential
More informationExecutive Branch IT Reorganization Project Plan
Office of Information Resource Management Executive Branch Project Plan Work Program Funded by for IT Appropriations Reorganization 2007, 2009 and Five Small Projects Date: August 2009 Version: 1.3 Revision
More informationEPA Could Improve Its Information Security by Strengthening Verification and Validation Processes
OFFICE OF INSPECTOR GENERAL Audit Report Catalyst for Improving the Environment EPA Could Improve Its Information Security by Strengthening Verification and Validation Processes Report No. 2006-P-00002
More informationProcess Validation Workshops. Overview Session
Process Validation Workshops Overview Session 2 Session Objectives: Prepare staff for participating in a Process Validation Workshop Clarify the Purpose of Process Validation Workshops Clarify Expected
More informationPart-Time MBA Multidisciplinary Part-Time MBA Action Projects Sp
Part-Time MBA Multidisciplinary Part-Time MBA Action Projects Sponsor Multidisciplinary Guide 2014-15 Action Projects Sp How can you leverage outside perspectives and expertise for lasting, valuable results?
More informationCampus Solutions: Successful Management of Innovative Projects Beyond Go-Live
Campus Solutions: Successful Management of Innovative Projects Beyond Go-Live Introductions & Ice Breaker UA Overview Assessing the Landscape Project Initiation & Startup Managing the Project Looking Forward
More informationVulnerability Management. Information Technology Audit. For the Period July 2010 to July 2011
O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA FINANCIAL AUDIT DIVISION REPORT Vulnerability Management Information Technology Audit For the Period July 2010 to July 2011 May 22, 2012 Report
More informationAn Introduction to Network Vulnerability Testing
CONTENTS Introduction 3 Penetration Testing Overview 4 Step 1: Defining the Scope 4 Step 2: Performing the Penetration Test 5 Step 3: Reporting and Delivering Results 6 VeriSign SecureTEST 7 Common Vulnerability
More informationCity of Minneapolis RCA Provision of IT Services. Committee of the Whole February 11, 2015
City of Minneapolis RCA Provision of IT Services Committee of the Whole February 11, 2015 Background IT Services contract with Unisys signed 12/2002 Unisys contract renegotiated in 2007 Reduced cost, added
More informationACTION ITEM: Approval of the W.P. Carey School of Business Online MBA Program Outsourcing Project - ASU
Page 1 of 5 EXECUTIVE SUMMARY ACTION ITEM: Approval of the W.P. Carey School of Business Online MBA Program Outsourcing Project - ASU ISSUE: ASU seeks approval for the $1 million project to outsource the
More informationBusiness Continuity Position Description
Position Description February 9, 2015 Position Description February 9, 2015 Page i Table of Contents General Characteristics... 2 Career Path... 3 Explanation of Proficiency Level Definitions... 8 Summary
More informationETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001
001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More information